.Section 'admin'
-`advfilter`: `<boolean>` ('default =' `1`)::
+`advfilter`: `<boolean>` ('default =' `0`)::
-Use advanced filters for statistic.
+Enable advanced filters for statistic.
++
+If this is enabled, the receiver statistic are limited to active ones
+(receivers which also sent out mail in the 90 days before), and the contact
+statistic will not contain these active receivers.
`avast`: `<boolean>` ('default =' `0`)::
-Use Avast Virus Scanner (/bin/scan). You need to buy and install 'Avast Core Security' before you can enable this feature.
+Use Avast Virus Scanner (/usr/bin/scan). You need to buy and install 'Avast Core Security' before you can enable this feature.
`clamav`: `<boolean>` ('default =' `1`)::
Use ClamAV Virus Scanner. This is the default virus scanner and is enabled by default.
+`custom_check`: `<boolean>` ('default =' `0`)::
+
+Use Custom Check Script. The script has to take the defined arguments and can return Virus findings or a Spamscore.
+
+`custom_check_path`: `^/([^/\0]+\/)+[^/\0]+$` ('default =' `/usr/local/bin/pmg-custom-check`)::
+
+Absolute Path to the Custom Check Script
+
`dailyreport`: `<boolean>` ('default =' `1`)::
Send daily reports.
Demo mode - do not start SMTP filter.
+`dkim_selector`: `<string>` ::
+
+Default DKIM selector
+
+`dkim_sign`: `<boolean>` ('default =' `0`)::
+
+DKIM sign outbound mails with the configured Selector.
+
+`dkim_sign_all_mail`: `<boolean>` ('default =' `0`)::
+
+DKIM sign all outgoing mails irrespective of the Envelope From domain.
+
`email`: `<string>` ('default =' `admin@domain.tld`)::
Administrator E-Mail address.
`archiveblockencrypted`: `<boolean>` ('default =' `0`)::
-Wether to block encrypted archives. Mark encrypted archives as viruses.
+Whether to mark encrypted archives and documents as heuristic virus match. A match does not necessarily result in an immediate block, it just raises the Spam Score by 'clamav_heuristic_score'.
`archivemaxfiles`: `<integer> (0 - N)` ('default =' `1000`)::
`archivemaxsize`: `<integer> (1000000 - N)` ('default =' `25000000`)::
-Files larger than this limit won't be scanned.
+Files larger than this limit (in bytes) won't be scanned.
`dbmirror`: `<string>` ('default =' `database.clamav.net`)::
`maxscansize`: `<integer> (1000000 - N)` ('default =' `100000000`)::
-Sets the maximum amount of data to be scanned for each input file.
+Sets the maximum amount of data (in bytes) to be scanned for each input file.
+
+`safebrowsing`: `<boolean>` ('default =' `0`)::
+
+Enables support for Google Safe Browsing. (deprecated option, will be ignored)
-`safebrowsing`: `<boolean>` ('default =' `1`)::
+`scriptedupdates`: `<boolean>` ('default =' `1`)::
-Enables support for Google Safe Browsing.
+Enables ScriptedUpdates (incremental download of signatures)
.Section 'mail'
ESMTP banner.
+`before_queue_filtering`: `<boolean>` ('default =' `0`)::
+
+Enable before queue filtering by pmg-smtp-filter
+
`conn_count_limit`: `<integer> (0 - N)` ('default =' `50`)::
How many simultaneous connections any client is allowed to make to this service. To disable this feature, specify a limit of 0.
`dnsbl_sites`: `<string>` ::
-Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).
+Optional list of DNS white/blacklist domains (postfix option `postscreen_dnsbl_sites`).
+
+`dnsbl_threshold`: `<integer> (0 - N)` ('default =' `1`)::
+
+The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (postfix option `postscreen_dnsbl_threshold`).
`dwarning`: `<integer> (0 - N)` ('default =' `4`)::
-SMTP delay warning time (in hours).
+SMTP delay warning time (in hours). (postfix option `delay_warning_time`)
`ext_port`: `<integer> (1 - 65535)` ('default =' `25`)::
SMTP port number for incoming mail (untrusted). This must be a different number than 'int_port'.
+`filter-timeout`: `<integer> (2 - 86400)` ('default =' `600`)::
+
+Timeout for the processing of one mail (in seconds) (postfix option `smtpd_proxy_timeout` and `lmtp_data_done_timeout`)
+
`greylist`: `<boolean>` ('default =' `1`)::
-Use Greylisting.
+Use Greylisting for IPv4.
+
+`greylist6`: `<boolean>` ('default =' `0`)::
+
+Use Greylisting for IPv6.
+
+`greylistmask4`: `<integer> (0 - 32)` ('default =' `24`)::
+
+Netmask to apply for greylisting IPv4 hosts
+
+`greylistmask6`: `<integer> (0 - 128)` ('default =' `64`)::
+
+Netmask to apply for greylisting IPv6 hosts
`helotests`: `<boolean>` ('default =' `0`)::
-Use SMTP HELO tests.
+Use SMTP HELO tests. (postfix option `smtpd_helo_restrictions`)
`hide_received`: `<boolean>` ('default =' `0`)::
SMTP port number for outgoing mail (trusted).
-`max_filters`: `<integer> (3 - 40)` ('default =' `15`)::
+`max_filters`: `<integer> (3 - 40)` ('default =' `25`)::
Maximum number of pmg-smtp-filter processes.
Maximum number of pmgpolicy processes.
-`max_smtpd_in`: `<integer> (3 - 100)` ('default =' `99`)::
+`max_smtpd_in`: `<integer> (3 - 100)` ('default =' `100`)::
Maximum number of SMTP daemon processes (in).
-`max_smtpd_out`: `<integer> (3 - 100)` ('default =' `99`)::
+`max_smtpd_out`: `<integer> (3 - 100)` ('default =' `100`)::
Maximum number of SMTP daemon processes (out).
`maxsize`: `<integer> (1024 - N)` ('default =' `10485760`)::
-Maximum email size. Larger mails are rejected.
+Maximum email size. Larger mails are rejected. (postfix option `message_size_limit`)
`message_rate_limit`: `<integer> (0 - N)` ('default =' `0`)::
The maximal number of message delivery requests that any client is allowed to make to this service per minute.To disable this feature, specify a limit of 0.
+`ndr_on_block`: `<boolean>` ('default =' `0`)::
+
+Send out NDR when mail gets blocked
+
`rejectunknown`: `<boolean>` ('default =' `0`)::
-Reject unknown clients.
+Reject unknown clients. (postfix option `reject_unknown_client_hostname`)
`rejectunknownsender`: `<boolean>` ('default =' `0`)::
-Reject unknown senders.
+Reject unknown senders. (postfix option `reject_unknown_sender_domain`)
`relay`: `<string>` ::
`relaynomx`: `<boolean>` ('default =' `0`)::
-Disable MX lookups for default relay.
+Disable MX lookups for default relay (SMTP only, ignored for LMTP).
`relayport`: `<integer> (1 - 65535)` ('default =' `25`)::
-SMTP port number for relay host.
+SMTP/LMTP port number for relay host.
+
+`relayprotocol`: `<lmtp | smtp>` ('default =' `smtp`)::
+
+Transport protocol for relay host.
`smarthost`: `<string>` ::
-When set, all outgoing mails are deliverd to the specified smarthost.
+When set, all outgoing mails are deliverd to the specified smarthost. (postfix option `default_transport`)
+
+`smarthostport`: `<integer> (1 - 65535)` ('default =' `25`)::
+
+SMTP port number for smarthost. (postfix option `default_transport`)
+
+`smtputf8`: `<boolean>` ('default =' `1`)::
+
+Enable SMTPUTF8 support in Postfix and detection for locally generated mail (postfix option `smtputf8_enable`)
`spf`: `<boolean>` ('default =' `1`)::
`verifyreceivers`: `<450 | 550>` ::
-Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.
+Enable receiver verification. The value specifies the numerical reply code when the Postfix SMTP server rejects a recipient address. (postfix options `reject_unknown_recipient_domain`, `reject_unverified_recipient`, and `unverified_recipient_reject_code`)
.Section 'spam'
`clamav_heuristic_score`: `<integer> (0 - 1000)` ('default =' `3`)::
-Score for ClamaAV heuristics (Google Safe Browsing database, PhishingScanURLs, ...).
+Score for ClamAV heuristics (Encrypted Archives/Documents, PhishingScanURLs, ...).
+
+`extract_text`: `<boolean>` ('default =' `0`)::
+
+Extract text from attachments (doc, pdf, rtf, images) and scan for spam.
`languages`: `(all|([a-z][a-z])+( ([a-z][a-z])+)*)` ('default =' `all`)::
Enable real time blacklists (RBL) checks.
-`use_awl`: `<boolean>` ('default =' `1`)::
+`use_awl`: `<boolean>` ('default =' `0`)::
Use the Auto-Whitelist plugin.
-`use_bayes`: `<boolean>` ('default =' `1`)::
+`use_bayes`: `<boolean>` ('default =' `0`)::
Whether to use the naive-Bayesian-style classifier.
Quarantine Webinterface Protocol. Useful if you have a reverse proxy for the webinterface. Only used for the generated Spam report.
+`quarantinelink`: `<boolean>` ('default =' `0`)::
+
+Enables user self-service for Quarantine Links. Caution: this is accessible without authentication
+
`reportstyle`: `<custom | none | short | verbose>` ('default =' `verbose`)::
Spam report style.